from the deja-vu-for-President! dept

It seems Virginia can't catch a break when it comes to voting. Trusting vendors to provide secure electronic voting devices just isn't paying off. Two years ago, Virginia pulled a bunch of voting machines after it was discovered they were leaky, insecure devices masquerading as something American voters could trust.

The security wasn't just bad in the way many machines are -- frailties that can only be sussed out by security researchers and talented criminals. No, they were bad in the way your grandparents' Google Box is: "secured" with passwords like "abcde" or "admin," along with accessible DOS prompts and multiple open ports.

The decision forces Virginia counties to swiftly replace any touchscreen devices with machines that produce a paper trail, ensuring the state can audit its closely watched gubernatorial race this November between Democrat Ralph Northam and Republican Ed Gillespie.

With possible interference in last year's presidential election not even in the rearview mirror yet, Virginia's government is moving up the date of its planned obsolescence. As Politico notes, there's already a law on the books in Virginia phasing out use of touchscreen voting devices by 2020. This just moves that date forward three years, just in time for this year's elections.

It's not that electronic voting devices are inherently bad. It's just that they appear to be inherently flawed. Report after report shows multiple vulnerabilities in voting machines and yet, year after year, there appears to be little forward motion on the security side. This is baffling, considering learning from mistakes is one of those things even lab rats can do -- but it often seems to be almost impossible for voting device vendors. The flaws generally aren't the result of meticulously-targeted exploits by criminals, but rather the sorts of things that shouldn't go overlooked when vetting machines for use in the public sector.

The paperless office may be on the threshold but the (secure) paperless vote is continually several years away.

Re: What is so hard about this...

However... because it is our government we are talking about, these systems aren't chosen on merit, but by who has donated the most money to a congress critter in the area... 'MERICA!

They really need a law (or better yet a constitutional amendment) against this practice. Even if there's nothing illegal being done, it looks shady as hell to plenty of people.

Just look back at 2004, there were plenty of people afterwards saying that Diebald rigged the election for Bush because of the generous donations their CEO made to his campaign.

Diebald didn't help themselves either with their constant threats under intellectual property laws to sue anyone who dared even suggest that they might look around at their voting machines to verify it's accuracy & security (including threats to some college professors who were clearly well qualified to be impartial judges on something like this).

The mere threat of lawsuits speaks volumes about how Diebald thinks their software would actually do if it were checked for accuracy and/or security. Especially threats against college professors, since what better endorsement could there be for your product than security experts independently verifying your voting machines accuracy and security?

Voting machines will improve when the purchase contract improves

In this instance, it's not even clear that Virginia is getting any compensation from the vendor as a result of this early retirement, so from the vendor's perspective, this is (in the short term) pure profit. With the machines retired, they won't need to provide any support for them, and they get to keep all the money from the original purchase.

If the government's purchase contract outlined specific measurable security requirements for the machines, and provided generous penalties for failure to meet those requirements (at minimum, all devices subject to return (with full refund, including shipping and handling) at vendor's expense, and vendor is responsible for the costs incurred discovering the weakness, but preferably also some sort of bonus penalty (e.g. on top of the refund, vendor owes x% of original contract), the vendor would be motivated to sell something secure. Until then, why spend the effort securing it when they can keep selling the insecure version?

Re: Re:

What's Wrong With Scan Ballots?

In my Virginia municipality, you mark in dark ink on an electronically-scanned paper ballot, then feed it into the machine. The convenience of electronic counting with the security of paper ballots. What's not to like?

What is so hard

HAVA was a complex mandate to states on election procedures reform -- forcing many to adopt "modern" voting equipment like touchscreen DRE.

The combination of brilliant U.S. Congress members and even more brilliant state election bureaucrats... really improved American election procedures.If you want top notch vision and expertise on applied technology -- always put government politicians in charge of things.

Re: What's Wrong With Scan Ballots?

I share your enthusiasm for hand-recountable OCR cards; we also use them in Massachusetts.

Congress should require them nationwide, setting standards, eg--

uniform protocols for securing and storing the ballots after the polls close, until it is determined no recount is needed.

Recounts at randomly selected precincts for audit purposes even when no general recount is requested.

Uniform protocols for recounting, to maximize transparency. Example: no recounting officials should use ink the same color as that used by voters. If a machine rejects a vote that a recounted awards to a candidate, the ballot should be kept in a hand-counted pile rather than altered to go through the machine.

Without paper ballots you can never have poll workers finding boxes of "uncounted ballots" in the trunk of their cars in those close elections. How else is an election going to turn out the right way?!?

I see what you did there.

Re: Re: voting by mail

The problem with voting by mail is that your boss, your church, your landlord, or your nursing home can demand to see your ballot. There have not been many complaints in Oregon, a State with a high degree of public trust, but States with sharp-elbowed machine cultures would have no end of opportunities for mischief.

Re: What's Wrong With Scan Ballots?

The convenience of electronic counting with the security of paper ballots. What's not to like?

There's really no difference between this, and a purely electronic machine which prints out a copy of your receipt, except that in the first case it's possible to fill the paper ballot out in an unclear manner, whereas that can't happen in a digital entry.

So the real question is why all the electronic voting machines fail at something every convenience store does hundreds/thousands of times a day.

Re: Uncounted paper ballots

While not inconceivable, suspicious boxes of uncounted paper ballots can be countered by having mutually untrusting observers monitor the creation of all countable boxes. Any extra boxes that show up without an audit trail must be dismissed as uncountable on the mere suspicion that they might be non-legitimate. Parties that want to ensure every vote is counted are thus motivated to ensure every box has an appropriate audit trail, lest the disqualified box be one they later regret.

As for rigging elections, it's much easier to rig the election when the machine's output is the sole determiner. Whoever controls that output controls the election, regardless of what inputs it is given.

Re: Re: Re: voting by mail

There's really no modern evidence to suggest that this kind of interference is a legitimate problem. Meanwhile, states like Arizona have used the specter of ballot interference to restrict voting methods disproportionately employed by minorities (eg churches collecting and submitting absentee ballots).

If there is evidence of third parties interfering with election integrity, then it should absolutely be addressed, and the responsible parties should be punished. But restricting people's convenient access to the ballot box doesn't protect election integrity, it harms it.

The new is not always better than the old

I would say that electronic voting machines are indeed inherently bad. They introduce very serious problems involving security, privacy and usability without any real advantages over traditional pen and paper ballots. That the devices themselves are built by the lowest bidder is a big part of the problem, but even the most competently built machine can't negate the flaws in the concept itself. Electronic voting is a black box, the operation of which is not directly observable or verifiable by involved parties or independent observers. Something people have no choice but to trust, can never be considered trustworthy.

Re: Re: What is so hard about this...

I have long advocated doing this very thing.

After you vote the machine would print a receipt, you review the receipt to make sure it's correct (and have some way to "redo" in case it is not) and then you drop off the receipt in the ballot box. Should there be a particularly close vote or any question about the vote in general, you simply pull out the receipts and count them by hand like we currently do with paper ballots.

Re: Re: What's Wrong With Scan Ballots?

"There's really no difference between this and a purely electronic machine which prints out a copy of your receipt"

It isn't the UI or the report that is the hard part. It is validation that is difficult.

The way I would do it, is have each machine arranged in a horseshoe, and run a constant recording of a string cortet in the middle of all the voting machines. Each vote gets superimposed over a video frame, and then block chained. Validation is by watching the video. If there was tampering, the blockchain wouldn't validate, and the video wouldn't play back properly. Running the bare video next to the vote superimposed video would reveal any hanky panky.

In this way, you could post the videos on a website, and everyone could verify by timestamp, their own votes indefinately after the fact. And if so inclined vote counting could be done by anyone who chose to take on the task.

But there are probably other ways. Really there should be an X-prize for this or something. The state will never build a workable solution, or permit one to be built on contract. It is a group psychology thing. It can be done, but it can't be done by committee.

So yet again the world will be saved by FOSS. Hold the cape and gold stars, and just bring beer and virtuous maidens.

Re: What's Wrong With Scan Ballots?

Back when the 2000 elections happened, and "hanging chads" became a household word, I looked at the paper ballots in use where I live (Maryland) and thought that they were clearly superior, having none of the lack-of-clarity problems of the ballots described as being in use in Florida. (Arrowhead at one side of the page, arrow fletching at the other side, IIRC one such for each candidate; you use a Sharpie to draw the black line connecting the halves of the arrow corresponding to the candidate you want, then feed the paper into a machine that scans for that long, thick, dark line.)

And then of course in the next election - or the next one I remember noticing for, at least - they had replaced those with electronic voting machines. (From Diebold, IIRC.)